Ubuntu Security Notice USN-6505-1

Ubuntu Security Notice 6505-1 - It was discovered that nghttp2 incorrectly handled request cancellation. A remote attacker could possibly use this issue to cause nghttp2 to consume resources, leading to a denial of service.

Ubuntu Security Notice USN-6506-1

Ubuntu Security Notice 6506-1 - David Shoon discovered that the Apache HTTP Server mod_macro module incorrectly handled certain memory operations. A remote attacker could possibly use this issue to cause the server to crash, resulting in a denial of service. Prof. Sven Dietrich, Isa Jafarov, Prof. Heejo Lee, and Choongin Lee discovered that the Apache HTTP Server incorrectly handled certain HTTP/2 connections. A remote attacker could possibly use this issue to cause the server to consume resources, leading to a denial of service. This issue only affected Ubuntu 23.04, and Ubuntu 23.10.

Ubuntu Security Notice USN-6504-1

Ubuntu Security Notice 6504-1 - It was discovered that tracker-miners incorrectly handled sandboxing. If a second security issue was discovered in tracker-miners, an attacker could possibly use this issue in combination with it to escape the sandbox.

Ubuntu Security Notice USN-6502-1

Ubuntu Security Notice 6502-1 - Ivan D Barrera, Christopher Bednarz, Mustafa Ismail, and Shiraz Saleem discovered that the InfiniBand RDMA driver in the Linux kernel did not properly check for zero-length STAG or MR registration. A remote attacker could possibly use this to execute arbitrary code. Yu Hao discovered that the UBI driver in the Linux kernel did not properly check for MTD with zero erasesize during device attachment. A local privileged attacker could use this to cause a denial of service.

Ubuntu Security Notice USN-6503-1

Ubuntu Security Notice 6503-1 - Yu Hao discovered that the UBI driver in the Linux kernel did not properly check for MTD with zero erasesize during device attachment. A local privileged attacker could use this to cause a denial of service. Bien Pham discovered that the netfiler subsystem in the Linux kernel contained a race condition, leading to a use-after-free vulnerability. A local user could use this to cause a denial of service or possibly execute arbitrary code.

Ubuntu Security Notice USN-6501-1

Ubuntu Security Notice 6501-1 - It was discovered that RabbitMQ incorrectly handled certain HTTP requests. An attacker could possibly use this issue to cause a denial of service.

Ubuntu Security Notice USN-6496-1

Ubuntu Security Notice 6496-1 - Ivan D Barrera, Christopher Bednarz, Mustafa Ismail, and Shiraz Saleem discovered that the InfiniBand RDMA driver in the Linux kernel did not properly check for zero-length STAG or MR registration. A remote attacker could possibly use this to execute arbitrary code. Yu Hao discovered that the UBI driver in the Linux kernel did not properly check for MTD with zero erasesize during device attachment. A local privileged attacker could use this to cause a denial of service.

Ubuntu Security Notice USN-6497-1

Ubuntu Security Notice 6497-1 - Maxim Levitsky discovered that the KVM nested virtualization implementation for AMD processors in the Linux kernel did not properly handle x2AVIC MSRs. An attacker in a guest VM could use this to cause a denial of service. Alon Zahavi discovered that the NVMe-oF/TCP subsystem in the Linux kernel did not properly handle queue initialization failures in certain situations, leading to a use-after-free vulnerability. A remote attacker could use this to cause a denial of service or possibly execute arbitrary code.

Ubuntu Security Notice USN-6494-1

Ubuntu Security Notice 6494-1 - Yu Hao discovered that the UBI driver in the Linux kernel did not properly check for MTD with zero erasesize during device attachment. A local privileged attacker could use this to cause a denial of service. Lucas Leong discovered that the netfilter subsystem in the Linux kernel did not properly validate some attributes passed from userspace. A local attacker could use this to cause a denial of service or possibly expose sensitive information.

Ubuntu Security Notice USN-6495-1

Ubuntu Security Notice 6495-1 - Yu Hao discovered that the UBI driver in the Linux kernel did not properly check for MTD with zero erasesize during device attachment. A local privileged attacker could use this to cause a denial of service. Manfred Rudigier discovered that the Intel PCI-Express Gigabit Ethernet driver in the Linux kernel did not properly validate received frames that are larger than the set MTU size, leading to a buffer overflow vulnerability. An attacker could use this to cause a denial of service or possibly execute arbitrary code.

Ubuntu Security Notice USN-6498-1

Ubuntu Security Notice 6498-1 - It was discovered that FRR incorrectly handled certain BGP messages. A remote attacker could possibly use this issue to cause FRR to crash, resulting in a denial of service.

Ubuntu Security Notice USN-6499-1

Ubuntu Security Notice 6499-1 - It was discovered that GnuTLS had a timing side-channel when handling certain RSA-PSK key exchanges. A remote attacker could possibly use this issue to recover sensitive information.

Ubuntu Security Notice USN-6500-1

Ubuntu Security Notice 6500-1 - Joshua Rogers discovered that Squid incorrectly handled validating certain SSL certificates. A remote attacker could possibly use this issue to cause Squid to crash, resulting in a denial of service. This issue only affected Ubuntu 22.04 LTS, Ubuntu 23.04, and Ubuntu 23.10. Joshua Rogers discovered that Squid incorrectly handled the Gopher protocol. A remote attacker could possibly use this issue to cause Squid to crash, resulting in a denial of service. Gopher support has been disabled in this update. This issue only affected Ubuntu 20.04 LTS, Ubuntu 22.04 LTS, and Ubuntu 23.04.

Red Hat Security Advisory 2023-7436-01

Red Hat Security Advisory 2023-7436-01 - An update for tigervnc is now available for Red Hat Enterprise Linux 8.2 Advanced Update Support, Red Hat Enterprise Linux 8.2 Telecommunications Update Service, and Red Hat Enterprise Linux 8.2 Update Services for SAP Solutions. Issues addressed include an out of bounds write vulnerability.

Red Hat Security Advisory 2023-7438-01

Red Hat Security Advisory 2023-7438-01 - An update for python-gevent is now available for Red Hat OpenStack Platform 17.1.1. Issues addressed include a privilege escalation vulnerability.

Red Hat Security Advisory 2023-7435-01

Red Hat Security Advisory 2023-7435-01 - An update for fence-agents is now available for Red Hat Enterprise Linux 8.2 Advanced Update Support, Red Hat Enterprise Linux 8.2 Telecommunications Update Service, and Red Hat Enterprise Linux 8.2 Update Services for SAP Solutions.

Red Hat Security Advisory 2023-7434-01

Red Hat Security Advisory 2023-7434-01 - An update for kernel is now available for Red Hat Enterprise Linux 8.2 Advanced Update Support, Red Hat Enterprise Linux 8.2 Telecommunications Update Service, and Red Hat Enterprise Linux 8.2 Update Services for SAP Solutions. Issues addressed include a use-after-free vulnerability.

Red Hat Security Advisory 2023-7418-01

Red Hat Security Advisory 2023-7418-01 - An update for kpatch-patch is now available for Red Hat Enterprise Linux 9.2 Extended Update Support. Issues addressed include a use-after-free vulnerability.

Red Hat Security Advisory 2023-7419-01

Red Hat Security Advisory 2023-7419-01 - An update for kpatch-patch is now available for Red Hat Enterprise Linux 7. Issues addressed include a use-after-free vulnerability.

Red Hat Security Advisory 2023-7423-01

Red Hat Security Advisory 2023-7423-01 - An update for kernel is now available for Red Hat Enterprise Linux 7. Issues addressed include a use-after-free vulnerability.

Red Hat Security Advisory 2023-7424-01

Red Hat Security Advisory 2023-7424-01 - An update for kernel-rt is now available for Red Hat Enterprise Linux 7. Issues addressed include a use-after-free vulnerability.

Red Hat Security Advisory 2023-7428-01

Red Hat Security Advisory 2023-7428-01 - An update for tigervnc is now available for Red Hat Enterprise Linux 7. Issues addressed include out of bounds write and use-after-free vulnerabilities.

Red Hat Security Advisory 2023-7431-01

Red Hat Security Advisory 2023-7431-01 - An update for kernel-rt is now available for Red Hat Enterprise Linux 8.2 Telecommunications Update Service. Issues addressed include a use-after-free vulnerability.

Red Hat Security Advisory 2023-7411-01

Red Hat Security Advisory 2023-7411-01 - An update for kpatch-patch is now available for Red Hat Enterprise Linux 9.0 Extended Update Support. Issues addressed include a use-after-free vulnerability.

Red Hat Security Advisory 2023-7417-01

Red Hat Security Advisory 2023-7417-01 - An update for kpatch-patch is now available for Red Hat Enterprise Linux 8.2 Update Services for SAP Solutions. Issues addressed include a use-after-free vulnerability.

Ubuntu Security Notice USN-6493-1

Ubuntu Security Notice 6493-1 - On Ubuntu 20.04 LTS and Ubuntu 22.04 LTS, the hibagent package has been updated to add IMDSv2 support, as IMDSv1 uses an insecure protocol and is no longer recommended. In addition, on all releases, hibagent has been updated to do nothing if ODH is configured.

Ubuntu Security Notice USN-6493-2

Ubuntu Security Notice 6493-2 - USN-6493-1 fixed a vulnerability in hibagent. This update provides the corresponding update for Ubuntu 16.04 LTS and Ubuntu 18.04 LTS. On Ubuntu 18.04 LTS and Ubuntu 16.04 LTS, the hibagent package has been updated to add IMDSv2 support, as IMDSv1 uses an insecure protocol and is no longer recommended.

Ubuntu Security Notice USN-6492-1

Ubuntu Security Notice 6492-1 - Kathrin Kleinhammer discovered that Mosquitto incorrectly handled certain inputs. If a user or an automated system were provided with a specially crafted input, a remote attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 20.04 LTS. Zhanxiang Song discovered that Mosquitto incorrectly handled certain inputs. If a user or an automated system were provided with a specially crafted input, a remote attacker could possibly use this issue to cause an authorisation bypass. This issue only affected Ubuntu 22.04 LTS and Ubuntu 23.04.

Ubuntu Security Notice USN-6490-1

Ubuntu Security Notice 6490-1 - Several security issues were discovered in the WebKitGTK Web and JavaScript engines. If a user were tricked into viewing a malicious website, a remote attacker could exploit a variety of issues related to web browser security, including cross-site scripting attacks, denial of service attacks, and arbitrary code execution.

Debian Security Advisory 5560-1

Debian Linux Security Advisory 5560-1 - Florian Picca reported a bug the charon-tkm daemon in strongSwan an IKE/IPsec suite.

Ubuntu Security Notice USN-6491-1

Ubuntu Security Notice 6491-1 - Axel Chong discovered that Node.js incorrectly handled certain inputs. If a user or an automated system were tricked into opening a specially crafted input file, a remote attacker could possibly use this issue to execute arbitrary code. Zeyu Zhang discovered that Node.js incorrectly handled certain inputs. If a user or an automated system were tricked into opening a specially crafted input file, a remote attacker could possibly use this issue to execute arbitrary code. This issue only affected Ubuntu 22.04 LTS.

Red Hat Security Advisory 2023-7361-01

Red Hat Security Advisory 2023-7361-01 - An update for ncurses is now available for Red Hat Enterprise Linux 9.2 Extended Update Support.

Red Hat Security Advisory 2023-7379-01

Red Hat Security Advisory 2023-7379-01 - An update for kernel-rt is now available for Red Hat Enterprise Linux 9.2 Extended Update Support. Issues addressed include a use-after-free vulnerability.

Ubuntu Security Notice USN-6489-1

Ubuntu Security Notice 6489-1 - Brian McDermott discovered that Tang incorrectly handled permissions when creating/rotating keys. A local attacker could possibly use this issue to read the keys.

Ubuntu Security Notice USN-6488-1

Ubuntu Security Notice 6488-1 - Florian Picca discovered that strongSwan incorrectly handled certain DH public values. A remote attacker could use this issue to cause strongSwan to crash, resulting in a denial of service, or possibly execute arbitrary code.

Ubuntu Security Notice USN-6497-1

Ubuntu Security Notice 6497-1 - Evgeny Vereshchagin discovered that Avahi contained several reachable assertions, which could lead to intentional assertion failures when specially crafted user input was given. An attacker could possibly use this issue to cause a denial of service.

Ubuntu Security Notice USN-6486-1

Ubuntu Security Notice 6486-1 - It was discovered that iniParser incorrectly handled certain files. An attacker could possibly use this issue to cause a crash.

Debian Security Advisory 5559-1

Debian Linux Security Advisory 5559-1 - A vulnerability was discovered in the SSH dissector of Wireshark, a network protocol analyzer, which could result in denial of service or potentially the execution of arbitrary code.

Debian Security Advisory 5558-1

Debian Linux Security Advisory 5558-1 - Two security vulnerabilities have been discovered in Netty, a Java NIO client/server socket framework.

Red Hat Security Advisory 2023-7345-01

Red Hat Security Advisory 2023-7345-01 - An update is now available for Red Hat OpenShift GitOps 1.9. Issues addressed include a denial of service vulnerability.

Red Hat Security Advisory 2023-7344-01

Red Hat Security Advisory 2023-7344-01 - An update for openshift-gitops-kam is now available for Red Hat OpenShift GitOps 1.9. Issues addressed include a denial of service vulnerability.

Red Hat Security Advisory 2023-6837-01

Red Hat Security Advisory 2023-6837-01 - Red Hat OpenShift Container Platform release 4.14.2 is now available with updates to packages and images that fix several bugs and add enhancements. Issues addressed include a cross site scripting vulnerability.

Ubuntu Security Notice USN-6485-1

Ubuntu Security Notice 6485-1 - Benoit Morgan, Paul Grosen, Thais Moreira Hamasaki, Ke Sun, Alyssa Milburn, Hisham Shafi, Nir Shlomovich, Tavis Ormandy, Daniel Moghimi, Josh Eads, Salman Qazi, Alexandra Sandulescu, Andy Nguyen, Eduardo Vela, Doug Kwan, and Kostik Shtoyk discovered that some Intel Processors did not properly handle certain sequences of processor instructions. A local attacker could possibly use this to cause a core hang , gain access to sensitive information or possibly escalate their privileges.

Debian Security Advisory 5557-1

Debian Linux Security Advisory 5557-1 - WebKitGTK has vulnerabilities. Junsung Lee discovered that processing web content may lead to a denial-of-service. An anonymous researcher discovered that processing web content may lead to arbitrary code execution.

Red Hat Security Advisory 2023-7342-01

Red Hat Security Advisory 2023-7342-01 - An update for cnf-tests-container, dpdk-base-container and performance-addon-operator-must-gather-rhel8-container is now available for Red Hat OpenShift Container Platform 4.11. Secondary scheduler builds and numaresources-operator are also available for technical preview with this release, however they are not intended for production.

Red Hat Security Advisory 2023-6842-01

Red Hat Security Advisory 2023-6842-01 - Red Hat OpenShift Container Platform release 4.12.43 is now available with updates to packages and images that fix several bugs and add enhancements.

Red Hat Security Advisory 2023-7334-01

Red Hat Security Advisory 2023-7334-01 - An update for rh-varnish6-varnish is now available for Red Hat Software Collections. Issues addressed include a denial of service vulnerability.

Red Hat Security Advisory 2023-7335-01

Red Hat Security Advisory 2023-7335-01 - An update is now available for Red Hat Process Automation Manager including images for Red Hat OpenShift Container Platform. Issues addressed include a denial of service vulnerability.

Red Hat Security Advisory 2023-6841-01

Red Hat Security Advisory 2023-6841-01 - An update is now available for Red Hat OpenShift Container Platform 4.12.

Ubuntu Security Notice USN-6484-1

Ubuntu Security Notice 6484-1 - It was discovered that OpenVPN incorrectly handled the --fragment option in certain configurations. A remote attacker could possibly use this issue to cause OpenVPN to crash, resulting in a denial of service. It was discovered that OpenVPN incorrectly handled certain memory operations. A remote attacker could use this issue to cause OpenVPN to crash, obtain sensitive information, or possibly execute arbitrary code.

Ubuntu Security Notice USN-6480-1

Ubuntu Security Notice 6480-1 - Barry Dorrans discovered that .NET did not properly implement certain security features for Blazor server forms. An attacker could possibly use this issue to bypass validation, which could trigger unintended actions. Piotr Bazydlo discovered that .NET did not properly handle untrusted URIs provided to System.Net.WebRequest.Create. An attacker could possibly use this issue to inject arbitrary commands to backend FTP servers.

Debian Security Advisory 5556-1

Debian Linux Security Advisory 5556-1 - Multiple security issues were discovered in Chromium, which could result in the execution of arbitrary code, denial of service or information disclosure.

Debian Security Advisory 5555-1

Debian Linux Security Advisory 5555-1 - Two vulnerabilities were discovered in openvpn, a virtual private network application which could result in memory disclosure or denial of service.

Ubuntu Security Notice USN-6481-1

Ubuntu Security Notice 6481-1 - It was discovered that FRR incorrectly handled certain malformed NLRI data. A remote attacker could possibly use this issue to cause FRR to crash, resulting in a denial of service. It was discovered that FRR incorrectly handled certain BGP UPDATE messages. A remote attacker could possibly use this issue to cause FRR to crash, resulting in a denial of service.

Ubuntu Security Notice USN-6482-1

Ubuntu Security Notice 6482-1 - It was discovered that Quagga incorrectly handled certain BGP messages. A remote attacker could possibly use this issue to cause Quagga to crash, resulting in a denial of service.

Ubuntu Security Notice USN-6483-1

Ubuntu Security Notice 6483-1 - Neeraj Pal discovered that HTML Tidy incorrectly handled parsing certain HTML data. If a user or automated system were tricked into parsing specially crafted HTML data, a remote attacker could cause HTML Tidy to consume resources, leading to a denial of service, or possibly execute arbitrary code.

Red Hat Security Advisory 2023-7288-01

Red Hat Security Advisory 2023-7288-01 - An update for Openshift Jenkins is now available for Red Hat Product OCP Tools 4.14. Issues addressed include bypass, code execution, cross site scripting, and denial of service vulnerabilities.

Red Hat Security Advisory 2023-7294-01

Red Hat Security Advisory 2023-7294-01 - An update for kernel is now available for Red Hat Enterprise Linux 7.6 Advanced Update Support.

Red Hat Security Advisory 2023-7277-01

Red Hat Security Advisory 2023-7277-01 - An update for open-vm-tools is now available for Red Hat Enterprise Linux 9. Issues addressed include a bypass vulnerability.

Red Hat Security Advisory 2023-7279-01

Red Hat Security Advisory 2023-7279-01 - An update for open-vm-tools is now available for Red Hat Enterprise Linux 7. Issues addressed include a bypass vulnerability.